diff --git a/public/src/admin/extend/plugins.js b/public/src/admin/extend/plugins.js
index 818177754a..5d33b4d9b5 100644
--- a/public/src/admin/extend/plugins.js
+++ b/public/src/admin/extend/plugins.js
@@ -195,7 +195,7 @@ define('admin/extend/plugins', [
let html = '';
activePlugins.forEach(function (plugin) {
html += `
-
${plugin}
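Review bot: `${plugin}` is interpolated into the `html` string as-is inside the `activePlugins.forEach` callback, and the markup lines of this hunk are not visible in this view, so it is unclear whether the value placed in the new `data-plugin` attribute is escaped. If the attribute is filled the same way, a name containing a quote or angle bracket would break out of it. Setting the values through jQuery on the list item (`.attr('data-plugin', plugin)` and `.text(plugin)`), or HTML-escaping `plugin` before interpolation, removes the dependency on every stored name being well-formed. The server-side pattern check added in this commit only covers names submitted through `orderActivePlugins`, so it is worth confirming where `activePlugins` is populated from.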
@@ -233,7 +233,7 @@ define('admin/extend/plugins', [
const plugins = $('#order-active-plugins-modal .plugin-list').children();
const data = [];
plugins.each(function (index, el) {
- data.push({ name: $(el).text(), order: index });
+ data.push({ name: $(el).attr('data-plugin'), order: index });
});
socket.emit('admin.plugins.orderActivePlugins', data, function (err) {
diff --git a/src/socket.io/admin/plugins.js b/src/socket.io/admin/plugins.js
index 46d77c9c1a..b8890f9e61 100644
--- a/src/socket.io/admin/plugins.js
+++ b/src/socket.io/admin/plugins.js
@@ -5,6 +5,7 @@ const nconf = require('nconf');
const plugins = require('../../plugins');
const events = require('../../events');
const db = require('../../database');
+const { pluginNamePattern } = require('../../constants');
const Plugins = module.exports;
@@ -41,7 +42,14 @@ Plugins.orderActivePlugins = async function (socket, data) {
throw new Error('[[error:plugins-set-in-configuration]]');
}
data = data.filter(plugin => plugin && plugin.name);
- await Promise.all(data.map(plugin => db.sortedSetAdd('plugins:active', plugin.order || 0, plugin.name)));
+
+ data.forEach((plugin) => {
+ if (!pluginNamePattern.test(plugin.name)) {
+ throw new Error('[[error:invalid-plugin-id]]');
+ }
+ });
+
+ await db.sortedSetAdd('plugins:active', data.map(p => p.order || 0), data.map(p => p.name));
};
Plugins.upgrade = async function (socket, data) {
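Review bot: The new guard `pluginNamePattern.test(plugin.name)` does not require `plugin.name` to be a string; `test()` coerces its argument, so an array or object in the socket payload whose string form matches can pass and then reach `db.sortedSetAdd` unchanged. Tightening it to `if (typeof plugin.name !== 'string' || !pluginNamePattern.test(plugin.name))` closes that gap, and `p.order || 0` deserves the same treatment because it forwards any truthy value as the score (for example `Number.isFinite(p.order) ? p.order : 0`). If `pluginNamePattern` is defined with the `g` or `y` flag, `test()` carries `lastIndex` across iterations of this `forEach` and can reject valid names; its definition is not part of this diff, so confirm it has neither flag. The body of `Plugins.orderActivePlugins` starts above the hunk, so any earlier check that `data` is an array is not visible here.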